Intro

This section considers the various tools that can be used to create and support the infrastructure of your solution.

DevOps

DevOps is a set of practices:

  • Version Control: all versions of the code have to be kept in the VCS (Version Control System).

  • Continuous Integration (CI) and Continuous Testing: assume that merging code, testing it and producing artefacts must be done as early as possible.

  • Continuous Delivery/Deployment (CD): automates the process of passing software components from the developers to the consumers.

  • Continuous monitoring: requires setting up automated collection of information about the system, including logs, telemetry and the properties of the underlying infrastructure.

  • Infrastructure as Code: requires that all infrastructure is described in scripts that can be used for deployment.

Continuous integration

Continuous integration is an approach to adding changes to the software. Each feature is developed in a separate branch, and the changes are then added to the main code base. During the merge attempt the unit tests are applied to the code base with the implemented changes. If the tests pass successfully, the new feature is merged into the main code base.

Continuous delivery/deployment

Continuous delivery is the process of moving the latest software release through several environments, which are dedicated, for example, to user acceptance testing, staging, and production.

Continuous delivery involves some manual phases, whereas continuous deployment assumes the process is fully automated.

Testing frameworks

Testing is an essential part of CI. There are different types of tests for different purposes:

  • Unit tests: these tests check whether conditionally atomic sections of the program work according to the requirements.

  • Smoke tests: check that the core functionality of the entire application is working. This generally ensures that build processes are still being carried out. The name refers to the “smoke” that indicates that there is a “fire” somewhere in your codebase.

  • Integration tests: ensure that various services interact with each other in accordance with the requirements imposed on them.

  • Acceptance tests: ensure that the final application meets all business requirements and is ready for shipment to the customer.

IaC

Infrastructure as Code (IaC) is an approach to setting up compute, networks, data storage etc. programmatically, instead of setting everything up by hand with interactive administration tools. It allows developers and operations teams to manage infrastructure using code. This code is usually written in a high-level, human-readable scripting language. These scripts are then executed to automate the provisioning and configuration of infrastructure, making the process more efficient, consistent and scalable.

Containerization

Containerization is an approach to delivering solutions into production. The idea is to pack not only the application but also the environment in which it was developed, so that the development environment is the same as the one in which the application was tested.

Therefore, you can deploy your application anywhere the corresponding container environment is supported.

Check more in the Containerization page.

Kubernetes

Kubernetes is a container orchestration tool that allows you to manage deployments across various clusters. Using the YAML format, you can define the deployment strategy for applications on multiple machines: the number of instances, target machines, system behaviour in case of failure etc.

For details check the Kubernetes page.

Terraform

Terraform is a tool for building infrastructure as code. You describe your infrastructure in a special declarative format. This approach provides several benefits:

  • If you need to deploy the solution from scratch, you simply apply the ready configuration through Terraform.

  • You can use a regular version control system to version the infrastructure.

For more details check:

Clouds

Maintaining your own hardware can be really expensive; some vendors provide the infrastructure to run your application. This could be just the hardware, or it could include configurable services that provide additional functionality. Those groups of services are called clouds. This section covers the services provided in the clouds and ways to manage them.

Check more in the Clouds page.

Keycloak

Keycloak is an open-source user identification tool that can be integrated into your application.

Useful references related to Keycloak:

There are core concepts and terms of Keycloak you should know:

  • A user is an entity that is able to log into your system.

  • A role is an identity type or category of user that can have special permissions in the system.

  • A realm is a namespace that allows you to manage all your metadata and configurations.

  • Clients are entities that can request Keycloak to authenticate a user.

  • A client scope is a set of settings for the client. This allows you to easily apply common settings to specific users.


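Start and configure your Keycloak in Docker. The command below runs Keycloak in development mode (start-dev), publishes the port on 127.0.0.1 only and bootstraps an admin account with the password admin, so it is suitable for local experiments only.

docker run --name keycloak \
    -p 127.0.0.1:8080:8080 \
    -e KC_BOOTSTRAP_ADMIN_USERNAME=admin \
    -e KC_BOOTSTRAP_ADMIN_PASSWORD=admin \
    quay.io/keycloak/keycloak:26.4.5 start-dev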

Service account

A service account is used to configure the authentication of other services against resources protected by Keycloak.

Check more in the Using a service account section of the documentation.


The following cell shows the request for a service account token. Follow the Using a service account guide to configure the client properly.

The following cell shows the output of the /realms/<realm>/protocol/openid-connect/token request if everything is configured properly.

client_id=knowledge-client
client_secret=Oo8HDBfguVLX5PNAg7T0qO52qeP7d4hU

curl -X POST -s \
    -d "grant_type=client_credentials" \
    -d "client_id=$client_id" \
    -d "client_secret=$client_secret" \
    http://localhost:8080/realms/master/protocol/openid-connect/token | jq "."
{
  "access_token": "<JWT access token omitted>",
  "expires_in": 60,
  "refresh_expires_in": 0,
  "token_type": "Bearer",
  "not-before-policy": 0,
  "scope": "email profile"
}
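
The response above carries a 60-second access token and no refresh token, so a calling service has to re-request the token on its own schedule. The following is an added example (not code from the original page or from the Keycloak project) of a small cache that does this; the class name, the `skew` margin and the injectable `post` and `clock` parameters are assumptions, and the demo runs offline against a constructed reply and a constructed secret.

```python
import json
import time
import urllib.parse
import urllib.request

TOKEN_URL = "http://localhost:8080/realms/master/protocol/openid-connect/token"  # from the page


def post_form_json(url, form):
    # Default transport: POST a form-encoded body and return the parsed JSON reply.
    req = urllib.request.Request(url, data=urllib.parse.urlencode(form).encode())
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


class ServiceAccountToken:
    """Caches a client_credentials token and re-requests it shortly before expiry."""
    def __init__(self, client_id, client_secret, post=post_form_json, clock=time.monotonic, skew=10):
        self._form = {"grant_type": "client_credentials",
                      "client_id": client_id, "client_secret": client_secret}
        self._post, self._clock, self._skew = post, clock, skew
        self._token, self._deadline = None, 0.0

    def get(self):
        now = self._clock()
        if self._token is None or now >= self._deadline:
            resp = self._post(TOKEN_URL, self._form)
            if str(resp.get("token_type", "")).lower() != "bearer" or not resp.get("access_token"):
                raise ValueError("unexpected token response")
            # refresh_expires_in is 0 (no refresh token), so renewal repeats this request.
            self._token = resp["access_token"]
            self._deadline = now + max(int(resp["expires_in"]) - self._skew, 0)
        return self._token


def demo():
    """Offline run against a constructed reply shaped like the page's output."""
    calls, now = [], [0.0]
    def fake_post(url, form):
        calls.append(dict(form))
        return {"access_token": f"constructed-{len(calls)}", "expires_in": 60, "token_type": "Bearer"}
    tok = ServiceAccountToken("knowledge-client", "constructed-secret", fake_post, lambda: now[0])
    def at(t):  # move the fake clock to second t, then ask for a token
        now[0] = t
        return tok.get()
    return at(0.0), at(49.0), at(50.0), len(calls)


if __name__ == "__main__":
    print(demo())
```

In a real service, pass the client secret in from the environment or a secret store instead of keeping it in the script.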